Search the Community

Hi everyone, I'm sure you have seen me around in here by learning PHP, I am getting advance now. But I don't understand why it won't insert in PHPmyadmin (MySQL) with my prompt in php. Can you find why it won't add name as insert into my database? if ($_POST['submmited']) { $first = $_POST['firstname']; $last = $_POST['lastname']; $email = $_POST['email']; if ($first && $last && $email) { $sql = "INSERT INTO Student (StudentID,Firstname,LastName,Email) VALUES (NULL,'$first','$last','$email')"; mysqli_query($Garydb, $sql); } else { echo "Failed to add register"; } } I checked around, there is no mistake but it won't add a new as insert into my database...why? What Did I do wrong? Thank you in advance Gary

Sorry for many posts, trying to make my website When I press the register button on my website it will just act as if the page is refreshing and not send any information to mysql I believe I have connected everything up correctly, can anyone tell my what I have done wrong please? If you want to check out the website to see what is going on check out www.jokestary.comli.com <?php //This function will display the registration form function register_form(){ $date = date('D, M, Y'); echo "<form action='?act=register' method='post'>" ."Username: <input type='text' name='username' size='30'><br>" ."Password: <input type='password' name='password' size='30'><br>" ."Confirm your password: <input type='password' name='password_conf' size='30'><br>" ."Email: <input type='text' name='email' size='30'><br>" ."<input type='hidden' name='date' value='$date'>" ."<input type='submit' value='Register'>" ."</form>"; } //This function will register users data function register(){ //Connecting to database include('connect.php'); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("database", $connect); if(!$select_db){ die(mysql_error()); } //Collecting info $username = $_REQUEST['username']; $password = $_REQUEST['password']; $pass_conf = $_REQUEST['password_conf']; $email = $_REQUEST['email']; $date = $_REQUEST['date']; //Here we will check do we have all inputs filled if(empty($username)){ die("Please enter your username!<br>"); } if(empty($password)){ die("Please enter your password!<br>"); } if(empty($pass_conf)){ die("Please confirm your password!<br>"); } if(empty($email)){ die("Please enter your email!"); } //Let's check if this username is already in use $user_check = mysql_query("SELECT username FROM users WHERE username='$username'"); $do_user_check = mysql_num_rows($user_check); //Now if email is already in use $email_check = mysql_query("SELECT email FROM users WHERE email='$email'"); $do_email_check = mysql_num_rows($email_check); //Now display errors if($do_user_check > 0){ die("Username is already in use!<br>"); } if($do_email_check > 0){ die("Email is already in use!"); } //Now let's check does passwords match if($password != $pass_conf){ die("Passwords don't match!"); } //If everything is okay let's register this user $insert = mysql_query("INSERT INTO users (username, password, email) VALUES ('$username', '$password', '$email')"); if(!$insert){ die("There's little problem: ".mysql_error()); } echo $username.", you are now registered. Thank you!<br><a href=login.php>Login</a> | <a href=index.php>Index</a>"; } switch($act){ default; register_form(); break; case "register"; register(); break; } ?> Here is the connect.php code <?php $hostname="mysql6.000webhost.com"; //local server name default localhost $username="a5347792_users"; //mysql username default is root. $password=""; //blank if no password is set for mysql. $database="a5347792_users"; //database name which you created $con=mysql_connect($hostname,$username,$password); if(! $con) { die('Connection Failed'.mysql_error()); } mysql_select_db($database,$con); ?>

I followed a tutorial for making a secure login system for my website, and now when i completed the tutorial it isnt working as it is supposed to. when i click the register page on my site it gives the error code Warning: mysqli::mysqli(): (HY000/1045): Access denied for user 'sec_user'@'localhost' (using password: YES) in C:\wamp\www\gip\includes\db_connect.php on line 3 im a newbie to php so please help me db_connect.php register.php

Dear All, I am new to php i have created login/Sign up pages and problem is i needd code to display logout after users login into system but in my system both login/Register is dislaying after login also Please help me in this one..

hi guys. im a newbie in this forum and im glad that i found this. anyway, i have a problem with my code. i am creating a register and login application using php. however its not passing the data properly. i have tried to echo it and still its not showing. can anybody help me on this please? any assistance would be greatly appreciated here is my code for my init.php <?php session_start(); require 'database/connect.php'; require 'functions/general.php'; require 'functions/users.php'; if (logged_in() == true) { $session_user_id = $_SESSION['userid']; $user_data = user_data($session_user_id, 'userid', 'username', 'password', 'firstname', 'lastname', 'email'); } $errors = array(); ?> and this is my users.php which i think where lies the problem. i will just include the code of the function that creates the error. <?php function user_data($userid) { $data = array(); $userid = (int)$userid; $func_num_args = func_num_args(); $func_get_args = func_get_args(); if($func_num_args > 0) { unset($func_get_args[0]); $fields = '`' . implode('', $func_get_args) . '`'; $data = mysql_fetch_assoc(mysql_query("SELECT '$fields' FROM users WHERE userid = '$userid'")); print_r($data); return $data; } } ?> supposedly it should print the query stored in $data however its not doing that

i get ''password doesn't match.'' when i register me on my site This is the PHP code: <?php mysql_connect("localhost", "root", "kingk980327rr") or die(mysql_error()); mysql_select_db("php") or die(mysql_error()); if(isset($_POST['login'])){ if(empty($_POST['username']) or empty($_POST['password'])){ echo "Fields cannot be left empty"; }else{ $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string(sha1($_POST['password'])); $valid = mysql_query("SELECT * From users WHERE username='".$username."' and password='".$password."'"); if(mysql_num_rows($valid) == 1){ mysql_query("UPDATE Users SET online='1' WHERE username='".$username."'"); header("location: me.php"); }else{ echo "Password / username isn't correct."; } } } ?> <?php if(isset($_POST['register'])){ if(empty($_POST['rusername']) or empty($_POST['rpassword']) or empty($_POST['crpassword'])){ echo "Fields cannot be empty"; }else{ $do = mysql_query("SELECT * From users WHERE username='".mysql_real_escape_string($_POST['rusername'])."'"); if(mysql_num_rows($do) == 1){ echo "Users busy."; }else{ $rusername = mysql_real_escape_string($_POST['rusername']); $password = mysql_real_escape_string(sha1($_POST['rpassword'])); $rpassword = $_POST['rpassword']; if($password == $rpassword){ mysql_query("INSET INTO users (username, password) VALUES ('$rusername','$rpassword')"); echo "Account created."; }else{ echo "password doesn't match."; } } } } ?> and this is the html register form: <form method="post"> Användarnamn:<input type="text" placeholder="Ditt användarnamn" class="mywidth1" name="rusername"><br /> Lösenord:<input type="password" placeholder="Ditt lösenord" class="mywidth2" name="rpassword"><br /> Verifiera lösenord: <input type="password" placeholder="Skriv lösenordet igen" class="mywidth" name="crpassword"><br /> <input type="submit" class="regbutton" value="" name="register"> </form> And this is the HTML login form: <form method="post"> Användarnamn: <input type="text" placeholder="Namn" class="loginde" name="username"><br /> Lösenord: <input type="password" placeholder="Lösenord" class="loginde1" name="password"><br /> <input type="submit" class="login" value="" name="login"> </form><br /><br /> Hope someone can help me :/

Hey Guys, I'm currently working on a user registration form and everything is working pretty well, except one major problem. The PHP script sees DavidJones and David Jones as 2 different users. So I was wondering how to go about making the registration script disregard spaces so that users don't end up with the same usernames, only with spaces/no spaces. It would get confusing. So if "David Jones" was already registered and another user was registering as "DavidJones" or "Dav id J ones", then it wouldn't let him. Thanks!

Hi, I'm trying to create a Login & Register form which will create a profile for that user but I'm getting a lot of problems and I can't seem to figure out why it's not working correctly? I've created a post on the forums before about this problem but the problem was never resolved, I am new to PHP hence my noobieness. Basicly the problem at the moment is when I try to login it gives me a 'Wrong details error' which is expressed like so: elseif(!mysql_num_rows($r)) { $errorMsg = "* Sorry, couldn't log you in. Wrong login information."; } As far as the register form goes, it works fine to my knowledge as it's adding users to the database when they register and it's encrypting their passwords by using the crypt(); function. I'll link the Login form, the register form and the dbConfig below but I'll replace any sensitive details with '-HIDDEN-' for safety. I would really appreshiate if someone could help me out on this one cause I've been stuck with this problem for quite a while now and I can't figure it out, thanks a lot Register.php <?php include ("dbConfig.php"); if ($_SERVER['REQUEST_METHOD'] == "POST") { $usernameSQL = mysql_real_escape_string($_POST['username']); $emailSQL = mysql_real_escape_string($_POST['email']); $passwordSQL = mysql_real_escape_string($_POST['password']); $passwordSQL = crypt('$password'); $q = "INSERT INTO -HIDDEN-(username, email, password)VALUES('$usernameSQL', '$emailSQL', '$passwordSQL')"; $r = mysql_query($q); header("Location: register.php?op=thanks"); } ?> <form action="?op=reg" method="POST"> Username:<br><font color="red">*</font><input class="GeneralForm" type="text" name="username" id="username" maxlength="20"><br> <br> Email:<br><font color="red">*</font><input class="GeneralForm" type="text" name="email" id="email" maxlength="50"><br> <br> Password:<br><font color="red">*</font><input class="GeneralForm" type="password" name="password" id="password" maxlength="50"><br> <br> <input type="checkbox" name="tick"><font color="gray" size="3"> I agree to the Terms of Use<br> <br> <button type="submit" name="submit" class="InputButton" value="Submit">Submit</button> </form> <br><font size="2" color="gray">* You can edit details on your profile when you login!</font> Login.php <?php session_start(); include "dbConfig.php"; $errorMsg = ""; if ($_GET["op"] == "fail") { $errorMsg = "* You need to be logged in to access the members area!"; } if ($_SERVER['REQUEST_METHOD'] == "POST") { $username = trim($_POST["username"]); $password = trim($_POST["password"]); if (empty($username) || empty($password)) { $errorMsg = "* You need to provide a username & password."; } else { $usernameSQL = mysql_real_escape_string($username); $passwordSQL = crypt('$password'); $q = "SELECT id FROM -HIDDEN- WHERE username='{$usernameSQL}' AND password='{$passwordSQL}' LIMIT 1"; $r = mysql_query($q) or die("Error: " . mysql_error() . "<br>Query: " . $q); if(!$r) { //Error running query $errorMsg = "* Wrong username or password."; } elseif(!mysql_num_rows($r)) { //User not found $errorMsg = "* Sorry, couldn't log you in. Wrong login information."; } else { // Login good, create session variables and redirect $_SESSION["valid_id"] = $obj->id; $_SESSION["valid_user"] = $username; $_SESSION["valid_time"] = time(); // Redirect to member page header("Location: members.php"); } } } ?> <form action="?op=login" method="POST"> Username:<br> <input class="GeneralForm" type="text" name="username" id="username" maxlength="20" value="<?php echo htmlentities($usernameSQL); ?>"> <br><br> Password:<br> <input class="GeneralForm" type="password" name="password" id="password" maxlength="50"> <br><br> <button type="submit" name="Submit" class="InputButton" value="Login">Login</button> <h1 class="FailLoginState"><?php echo $errorMsg; ?></h1> </form> dbConfig.php <? $host = "-HIDDEN-"; $user = "-HIDDEN-"; $pass = "-HIDDEN-"; $db = "-HIDDEN-"; $ms = mysql_pconnect($host, $user, $pass); if ( !$ms ) { echo "Error connecting to database.\n"; } mysql_select_db($db); ?>

Hello all. I've download and install a script register and login by php. the script is working well. i have plan to make 2-3 pages which diffirent each pages, and when the user/client login they will redirect to his own pages. please help me how to coded the script because i am newbie at php code.this is the code of that script. login.php <?PHP require_once("include/membersite_config.php"); if(isset($_POST['submitted'])) { if($fgmembersite->Login()) { $fgmembersite->RedirectToURL("login-home.php"); } } ?> <?php include_once ('include/header.php') ; ?> <!-- Form Code Start --> <div id='fg_membersite'> <form id='login' action='<?php echo $fgmembersite->GetSelfScript(); ?>' method='post' accept-charset='UTF-8'> <fieldset > <legend>Login</legend> <input type='hidden' name='submitted' id='submitted' value='1'/> <div class='short_explanation'>* required fields</div> <div><span class='error'><?php echo $fgmembersite->GetErrorMessage(); ?></span></div> <div class='container'> <label for='username' >User Name *:</label><br/> <input type='text' name='username' id='username' value='<?php echo $fgmembersite->SafeDisplay('username') ?>' maxlength="50" /><br/> <span id='login_username_errorloc' class='error'></span> </div> <div class='container'> <label for='password' >Password *:</label><br/> <input type='password' name='password' id='password' maxlength="50" /><br/> <span id='login_password_errorloc' class='error'></span> </div> <div class='container'> <input type='submit' name='Submit' value='Submit' /> </div> membership-config.php <?PHP require_once("class.phpmailer.php"); require_once("formvalidator.php"); class FGMembersite { var $admin_email; var $from_address; var $name; var $company; var $address; var $country; var $state; var $postal; var $phone; var $fax; var $email; var $website; var $situ; var $ip; var $pwd; var $database; var $tablename; var $connection; var $rand_key; var $error_message; //-----Initialization ------- function FGMembersite() { $this->sitename = 'gosulawesi.com'; $this->rand_key = '0iQx5oBk66oVZep'; } function InitDB($host,$uname,$pwd,$database,$tablename) { $this->db_host = $host; $this->username = $uname; $this->pwd = $pwd; $this->database = $database; $this->tablename = $tablename; } function SetAdminEmail($email) { $this->admin_email = $email; } function SetWebsiteName($sitename) { $this->sitename = $sitename; } function SetRandomKey($key) { $this->rand_key = $key; } //-------Main Operations ---------------------- function RegisterUser() { if(!isset($_POST['submitted'])) { return false; } $formvars = array(); if(!$this->ValidateRegistrationSubmission()) { return false; } $this->CollectRegistrationSubmission($formvars); if(!$this->SaveToDatabase($formvars)) { return false; } if(!$this->SendUserConfirmationEmail($formvars)) { return false; } $this->SendAdminIntimationEmail($formvars); return true; } function ConfirmUser() { if(empty($_GET['code'])||strlen($_GET['code'])<=10) { $this->HandleError("Please provide the confirm code"); return false; } $user_rec = array(); if(!$this->UpdateDBRecForConfirmation($user_rec)) { return false; } $this->SendUserWelcomeEmail($user_rec); $this->SendAdminIntimationOnRegComplete($user_rec); return true; } function Login() { if(empty($_POST['username'])) { $this->HandleError("UserName is empty!"); return false; } if(empty($_POST['password'])) { $this->HandleError("Password is empty!"); return false; } $username = trim($_POST['username']); $password = trim($_POST['password']); if(!isset($_SESSION)){ session_start(); } if(!$this->CheckLoginInDB($username,$password)) { return false; } $_SESSION[$this->GetLoginSessionVar()] = $username; return true; } function CheckLogin() { if(!isset($_SESSION)){ session_start(); } $sessionvar = $this->GetLoginSessionVar(); if(empty($_SESSION[$sessionvar])) { return false; } return true; } function UserFullName() { return isset($_SESSION['name_of_user'])?$_SESSION['name_of_user']:''; } function UserEmail() { return isset($_SESSION['email_of_user'])?$_SESSION['email_of_user']:''; } function LogOut() { session_start(); $sessionvar = $this->GetLoginSessionVar(); $_SESSION[$sessionvar]=NULL; unset($_SESSION[$sessionvar]); } function EmailResetPasswordLink() { if(empty($_POST['email'])) { $this->HandleError("Email is empty!"); return false; } $user_rec = array(); if(false === $this->GetUserFromEmail($_POST['email'], $user_rec)) { return false; } if(false === $this->SendResetPasswordLink($user_rec)) { return false; } return true; } function ResetPassword() { if(empty($_GET['email'])) { $this->HandleError("Email is empty!"); return false; } if(empty($_GET['code'])) { $this->HandleError("reset code is empty!"); return false; } $email = trim($_GET['email']); $code = trim($_GET['code']); if($this->GetResetPasswordCode($email) != $code) { $this->HandleError("Bad reset code!"); return false; } $user_rec = array(); if(!$this->GetUserFromEmail($email,$user_rec)) { return false; } $new_password = $this->ResetUserPasswordInDB($user_rec); if(false === $new_password || empty($new_password)) { $this->HandleError("Error updating new password"); return false; } if(false == $this->SendNewPassword($user_rec,$new_password)) { $this->HandleError("Error sending new password"); return false; } return true; } function ChangePassword() { if(!$this->CheckLogin()) { $this->HandleError("Not logged in!"); return false; } if(empty($_POST['oldpwd'])) { $this->HandleError("Old password is empty!"); return false; } if(empty($_POST['newpwd'])) { $this->HandleError("New password is empty!"); return false; } $user_rec = array(); if(!$this->GetUserFromEmail($this->UserEmail(),$user_rec)) { return false; } $pwd = trim($_POST['oldpwd']); if($user_rec['password'] != md5($pwd)) { $this->HandleError("The old password does not match!"); return false; } $newpwd = trim($_POST['newpwd']); if(!$this->ChangePasswordInDB($user_rec, $newpwd)) { return false; } return true; } //-------Public Helper functions ------------- function GetSelfScript() { return htmlentities($_SERVER['PHP_SELF']); } function SafeDisplay($value_name) { if(empty($_POST[$value_name])) { return''; } return htmlentities($_POST[$value_name]); } function RedirectToURL($url) { header("Location: $url"); exit; } function GetSpamTrapInputName() { return 'sp'.md5('KHGdnbvsgst'.$this->rand_key); } function GetErrorMessage() { if(empty($this->error_message)) { return ''; } $errormsg = nl2br(htmlentities($this->error_message)); return $errormsg; } //-------Private Helper functions----------- function HandleError($err) { $this->error_message .= $err."\r\n"; } function HandleDBError($err) { $this->HandleError($err."\r\n mysqlerror:".mysql_error()); } function GetFromAddress() { if(!empty($this->from_address)) { return $this->from_address; } $host = $_SERVER['SERVER_NAME']; $from ="noreply@$host"; return $from; } function GetLoginSessionVar() { $retvar = md5($this->rand_key); $retvar = 'usr_'.substr($retvar,0,10); return $retvar; } function CheckLoginInDB($username,$password) { if(!$this->DBLogin()) { $this->HandleError("Database login failed!"); return false; } $username = $this->SanitizeForSQL($username); $pwdmd5 = md5($password); $qry = "Select name, ip, email from $this->tablename where username='$username' and password='$pwdmd5' "; $result = mysql_query($qry,$this->connection); if(!$result || mysql_num_rows($result) <= 0) { $this->HandleError("Error logging in. The username or password does not match"); return false; } $row = mysql_fetch_assoc($result); $_SESSION['name_of_user'] = $row['name']; $_SESSION['email_of_user'] = $row['email']; return true; } function ResetUserPasswordInDB($user_rec) { $new_password = substr(md5(uniqid()),0,10); if(false == $this->ChangePasswordInDB($user_rec,$new_password)) { return false; } return $new_password; } function ChangePasswordInDB($user_rec, $newpwd) { $newpwd = $this->SanitizeForSQL($newpwd); $qry = "Update $this->tablename Set password='".md5($newpwd)."' Where id_user=".$user_rec['id_user'].""; if(!mysql_query( $qry ,$this->connection)) { $this->HandleDBError("Error updating the password \nquery:$qry"); return false; } return true; } function GetUserFromEmail($email,&$user_rec) { if(!$this->DBLogin()) { $this->HandleError("Database login failed!"); return false; } $email = $this->SanitizeForSQL($email); $result = mysql_query("Select * from $this->tablename where email='$email'",$this->connection); if(!$result || mysql_num_rows($result) <= 0) { $this->HandleError("There is no user with email: $email"); return false; } $user_rec = mysql_fetch_assoc($result); return true; } function SendUserWelcomeEmail(&$user_rec) { $mailer = new PHPMailer(); $mailer->CharSet = 'utf-8'; $mailer->AddAddress($user_rec['email'],$user_rec['name']); $mailer->Subject = "Welcome to ".$this->sitename; $mailer->From = $this->GetFromAddress(); $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n". "Welcome! Your registration with ".$this->sitename." is completed.\r\n". "\r\n". "Regards,\r\n". "Webmaster\r\n". $this->sitename; if(!$mailer->Send()) { $this->HandleError("Failed sending user welcome email."); return false; } return true; } function SendAdminIntimationOnRegComplete(&$user_rec) { if(empty($this->admin_email)) { return false; } $mailer = new PHPMailer(); $mailer->CharSet = 'utf-8'; $mailer->AddAddress($this->admin_email); $mailer->Subject = "Registration Completed: ".$user_rec['name']; $mailer->From = $this->GetFromAddress(); $mailer->Body ="A new user registered at ".$this->sitename."\r\n". "Name: ".$user_rec['name']."\r\n". "Email address: ".$user_rec['email']."\r\n"; if(!$mailer->Send()) { return false; } return true; } function GetResetPasswordCode($email) { return substr(md5($email.$this->sitename.$this->rand_key),0,10); } function SendResetPasswordLink($user_rec) { $email = $user_rec['email']; $mailer = new PHPMailer(); $mailer->CharSet = 'utf-8'; $mailer->AddAddress($email,$user_rec['name']); $mailer->Subject = "Your reset password request at ".$this->sitename; $mailer->From = $this->GetFromAddress(); $link = $this->GetAbsoluteURLFolder(). '/resetpwd.php?email='. urlencode($email).'&code='. urlencode($this->GetResetPasswordCode($email)); $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n". "There was a request to reset your password at ".$this->sitename."\r\n". "Please click the link below to complete the request: \r\n".$link."\r\n". "Regards,\r\n". "Webmaster\r\n". $this->sitename; if(!$mailer->Send()) { return false; } return true; } function SendNewPassword($user_rec, $new_password) { $email = $user_rec['email']; $mailer = new PHPMailer(); $mailer->CharSet = 'utf-8'; $mailer->AddAddress($email,$user_rec['name']); $mailer->Subject = "Your new password for ".$this->sitename; $mailer->From = $this->GetFromAddress(); $mailer->Body ="Hello ".$user_rec['name']."\r\n\r\n". "Your password is reset successfully. ". "Here is your updated login:\r\n". "username:".$user_rec['username']."\r\n". "password:$new_password\r\n". "\r\n". "Login here: ".$this->GetAbsoluteURLFolder()."/login.php\r\n". "\r\n". "Regards,\r\n". "Webmaster\r\n". $this->sitename; if(!$mailer->Send()) { return false; } return true; } function ValidateRegistrationSubmission() { //This is a hidden input field. Humans won't fill this field. if(!empty($_POST[$this->GetSpamTrapInputName()]) ) { //The proper error is not given intentionally $this->HandleError("Automated submission prevention: case 2 failed"); return false; } $validator = new FormValidator(); $validator->addValidation("name","req","Please fill in Name"); $validator->addValidation("company","req","Please fill in Company Name"); $validator->addValidation("address","req","Please fill in Company address"); $validator->addValidation("country","req","Please fill in Country"); $validator->addValidation("state","req","Please fill in state"); $validator->addValidation("postal","req","Please fill in postal"); $validator->addValidation("phone","req","Please fill in phone"); $validator->addValidation("fax","req","Please fill in fax"); $validator->addValidation("email","email","The input for Email should be a valid email value"); $validator->addValidation("website","req","Please fill in website"); if(!$validator->ValidateForm()) { $error=''; $error_hash = $validator->GetErrors(); foreach($error_hash as $inpname => $inp_err) { $error .= $inpname.':'.$inp_err."\n"; } $this->HandleError($error); return false; } return true; } function CollectRegistrationSubmission(&$formvars) { $formvars['name'] = $this->Sanitize($_POST['name']); $formvars['company'] = $this->Sanitize($_POST['company']); $formvars['address'] = $this->Sanitize($_POST['address']); $formvars['country'] = $this->Sanitize($_POST['country']); $formvars['state'] = $this->Sanitize($_POST['state']); $formvars['postal'] = $this->Sanitize($_POST['postal']); $formvars['phone'] = $this->Sanitize($_POST['phone']); $formvars['fax'] = $this->Sanitize($_POST['fax']); $formvars['email'] = $this->Sanitize($_POST['email']); $formvars['website'] = $this->Sanitize($_POST['website']); $formvars['situ'] = $this->Sanitize($_POST['situ']); $formvars['ip'] = $this->Sanitize($_SERVER['REMOTE_ADDR']); } function SendUserConfirmationEmail(&$formvars) { $mailer = new PHPMailer(); $mailer->CharSet = 'utf-8'; $mailer->AddAddress($formvars['email'],$formvars['name']); $mailer->Subject = "Your registration with ".$this->sitename; $mailer->From = $this->GetFromAddress(); $mailer->Body ="Hello ".$formvars['name']."\r\n\r\n". "Thanks you for registering with ".$this->sitename."\r\n". "You will receive username and password after authentication.\r\n". "This message is computer generated. Please do not reply.\r\n". "\r\n". "Thank You,\r\n". "Vifa Holiday Group \r \n". $this->sitename; if(!$mailer->Send()) { $this->HandleError("Failed sending registration confirmation email."); return false; } return true; } function GetAbsoluteURLFolder() { $scriptFolder = (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] == 'on')) ? 'https://' : 'http://'; $scriptFolder .= $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']); return $scriptFolder; } function SendAdminIntimationEmail(&$formvars) { if(empty($this->admin_email)) { return false; } $mailer = new PHPMailer(); $mailer->CharSet = 'utf-8'; $mailer->AddAddress($this->admin_email); $mailer->Subject = "New registration: ".$formvars['name']; $mailer->From = $this->GetFromAddress(); $mailer->Body ="A new user registered at ".$this->sitename."\r\n". "Name: ".$formvars['name']."\r\n". "Email address: ".$formvars['email']."\r\n". "UserName: ".$formvars['username']; if(!$mailer->Send()) { return false; } return true; } function SaveToDatabase(&$formvars) { if(!$this->DBLogin()) { $this->HandleError("Database login failed!"); return false; } if(!$this->Ensuretable()) { return false; } if(!$this->IsFieldUnique($formvars,'email')) { $this->HandleError("This email is already registered"); return false; } if(!$this->InsertIntoDB($formvars)) { $this->HandleError("Inserting to Database failed!"); return false; } return true; } function IsFieldUnique($formvars,$fieldname) { $field_val = $this->SanitizeForSQL($formvars[$fieldname]); $qry = "select username from $this->tablename where $fieldname='".$field_val."'"; $result = mysql_query($qry,$this->connection); if($result && mysql_num_rows($result) > 0) { return false; } return true; } function DBLogin() { $this->connection = mysql_connect($this->db_host,$this->username,$this->pwd); if(!$this->connection) { $this->HandleDBError("Database Login failed! Please make sure that the DB login credentials provided are correct"); return false; } if(!mysql_select_db($this->database, $this->connection)) { $this->HandleDBError('Failed to select database: '.$this->database.' Please make sure that the database name provided is correct'); return false; } if(!mysql_query("SET NAMES 'UTF8'",$this->connection)) { $this->HandleDBError('Error setting utf8 encoding'); return false; } return true; } function Ensuretable() { $result = mysql_query("SHOW COLUMNS FROM $this->tablename"); if(!$result || mysql_num_rows($result) <= 0) { return $this->CreateTable(); } return true; } function CreateTable() { $qry = "Create Table $this->tablename (". "id_user INT NOT NULL AUTO_INCREMENT ,". "name VARCHAR( 128 ) NOT NULL ,". "company VARCHAR( 64 ) NOT NULL ,". "address VARCHAR( 16 ) NOT NULL ,". "country VARCHAR( 16 ) NOT NULL ,". "state VARCHAR( 32 ) NOT NULL ,". "postal VARCHAR(32) NOT NULL ,". "phone VARCHAR(32) NOT NULL ,". "fax VARCHAR(32) NOT NULL ,". "email VARCHAR(32) NOT NULL ,". "website VARCHAR(32) NOT NULL ,". "situ VARCHAR(32) NOT NULL ,". "ip VARCHAR(50) NOT NULL ,". "PRIMARY KEY ( id_user )". ")"; if(!mysql_query($qry,$this->connection)) { $this->HandleDBError("Error creating the table \nquery was\n $qry"); return false; } return true; } function InsertIntoDB(&$formvars) { $insert_query = 'insert into '.$this->tablename.'( name, company, address, country, state, postal, phone, fax, email, website, situ, ip ) values ( "' . $this->SanitizeForSQL($formvars['name']) . '", "' . $this->SanitizeForSQL($formvars['company']) . '", "' . $this->SanitizeForSQL($formvars['address']) . '", "' . $this->SanitizeForSQL($formvars['country']) . '", "' . $this->SanitizeForSQL($formvars['state']) . '", "' . $this->SanitizeForSQL($formvars['postal']) . '", "' . $this->SanitizeForSQL($formvars['phone']) . '", "' . $this->SanitizeForSQL($formvars['fax']) . '", "' . $this->SanitizeForSQL($formvars['email']) . '", "' . $this->SanitizeForSQL($formvars['website']) . '", "' . $this->SanitizeForSQL($formvars['situ']) . '", "' . $this->SanitizeForSQL($formvars['ip']) . '" )'; if(!mysql_query( $insert_query ,$this->connection)) { $this->HandleDBError("Error inserting data to the table\nquery:$insert_query"); return false; } return true; } function SanitizeForSQL($str) { if( function_exists( "mysql_real_escape_string" ) ) { $ret_str = mysql_real_escape_string( $str ); } else { $ret_str = addslashes( $str ); } return $ret_str; } /* Sanitize() function removes any potential threat from the data submitted. Prevents email injections or any other hacker attempts. if $remove_nl is true, newline chracters are removed from the input. */ function Sanitize($str,$remove_nl=true) { $str = $this->StripSlashes($str); if($remove_nl) { $injections = array('/(\n+)/i', '/(\r+)/i', '/(\t+)/i', '/(%0A+)/i', '/(%0D+)/i', '/(%08+)/i', '/(%09+)/i' ); $str = preg_replace($injections,'',$str); } return $str; } function StripSlashes($str) { if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return $str; } } ?> Thanks so much and apologize for my bad englsih..

Hi there, I have a question that I seem not to be able to find online else so I'm hoping someone here can help me. The question I have is I am in the process of creating a membership site. I have completed the login process correctly with a PHP login script I found online. I have installed the script correctly such as database, protecting certain pages etc. The problem I am having is I am wanting to hide the URL where the registration page is found where users can signup (e.g. mywebsite.com/register.php). For example, I am wanting users to be able to login any time (mywebsite.com/login.php from a link I provide on the home page), but I am wanting to hide the signup page as user will get access to the registration page once they have made payments. But the problem is if the user has a little bit of knowledge about login scripts, there should know just to type in either signup.php or register.php (where the login script is located) to get access to this page for free. For example, could I some how change the register.php name to something like register229102.php without the entire script not working? The idea behind my membership site will be once a user makes a payment via redirecting to a secure Clickbank payments page (as I am using Clickbank as my payment options) and once the user has made payments they are then redirected to the thank you page, when then the user will click a link to be redirected to the register.php page where they sign up and get access from there. And they can login from the home page once they have become a member. I hope this has made an understanding of my idea. I have everything already set up and would just like an easy way to hind the register.php URL as I am not to techy when it comes to PHP. Thanks Kindly, Daniel

Hello. I was wondering whether I could request some help about adding a change pass function to my login / register script on PHP/JQuery/MySQL. I have started the change pass function a little (the form is fully done and checks whether the required fields are filled in) but the rest is way above my current knowledge that involves PHP, I am more of a HTML person. Also, I would highly appreciate it if you could let me know whether this is vulnerable to SQL injection, I doubt it is because I've added some extra "mysql_real_escape_string();" to the script but all comments would help. I am useless at PHP <.< I have marked in the code where I have started the change pass function to make it a little easier to find. Here is the code: <?php error_reporting(E_ALL ^ E_NOTICE); define('INCLUDE_CHECK',true); require 'connect.php'; require 'functions.php'; // Those two files can be included only if INCLUDE_CHECK is defined session_name('tzLogin'); // Starting the session session_set_cookie_params(2*7*24*60*60); // Making the cookie live for 2 weeks session_start(); if($_SESSION['id'] && !isset($_COOKIE['tzRemember']) && !$_SESSION['rememberMe']) { // If you are logged in, but you don't have the tzRemember cookie (browser restart) // and you have not checked the rememberMe checkbox: $_SESSION = array(); session_destroy(); // Destroy the session } if(isset($_GET['logoff'])) { $_SESSION = array(); session_destroy(); header("Location: http://127.0.0.1/"); exit; } if($_POST['submit']=='Login') { // Checking whether the Login form has been submitted $err = array(); // Will hold our errors if(!$_POST['logusername'] || !$_POST['password']) $err[] = 'All fields are required.'; if(!count($err)) { $_POST['logusername'] = mysql_real_escape_string($_POST['logusername']); $_POST['password'] = mysql_real_escape_string($_POST['password']); $_POST['rememberMe'] = (int)$_POST['rememberMe']; // Escaping all input data $row = mysql_fetch_assoc(mysql_query("SELECT * FROM playerdata WHERE user='{$_POST['logusername']}' AND password='".sha1($_POST['password'])."'")); if($row['user']) { // If everything is OK login $_SESSION['user'] = $row['user']; $_SESSION['id'] = $row['id']; $_SESSION['rememberMe'] = $_POST['rememberMe']; // Store some data in the session setcookie('tzRemember',$_POST['rememberMe']); } else $err[]='You have entered an invalid username or password.'; } if($err) $_SESSION['msg']['login-err'] = implode('<br />',$err); // Save the error messages in the session header("Location: http://127.0.0.1/"); exit; } else if($_POST['submit']=='Register') { // If the Register form has been submitted $err = array(); if (!preg_match('/^[A-Za-z]{4,9}_{1}[A-Za-z]{4,9}$/', $_POST['username'])) { $err[] = 'Your username must be in the format of "John_Smith" (include the underscore) with a maximum of 19 characters and a minimum of 9. No other special characters are allowed.'; } $email = $_POST['email']; $query = sprintf("SELECT * FROM playerdata WHERE email='%s'", mysql_real_escape_string($email)); $result = mysql_query($query); if(!$result) { $err[]='There has been an error with your connection, please refresh the page and try again.'; } else { if(mysql_num_rows($result) > 0) { $err[]='That email address already exists.'; } } if(!checkEmail($_POST['email'])) { $err[]='Your email address is not valid.'; } if(!count($err)) { // If there are no errors $pass = substr(sha1($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000).rand(170000,200000)),0,6); // Generate a random password $_POST['email'] = mysql_real_escape_string($_POST['email']); $_POST['username'] = mysql_real_escape_string($_POST['username']); // Escape the input data mysql_query(" INSERT INTO playerdata(user,password,level,money,email,ip,datetime) VALUES( '".$_POST['username']."', '".sha1($pass)."', '1', '20', '".$_POST['email']."', '".$_SERVER['REMOTE_ADDR']."', NOW() )"); if(mysql_affected_rows($link)== 1) { send_mail( 'bugsyccfc@googlemail.com', $_POST['email'], 'Welcome to Domination Roleplay.', 'Your password is: '.$pass); $_SESSION['msg']['reg-success']='An email has been sent containing your password. '.$pass; } else $err[]='That username has already been taken.'; } if(count($err)) { $_SESSION['msg']['reg-err'] = implode('<br />',$err); } header("Location: http://127.0.0.1/"); exit; } else if($_POST['submit']=='Confirm') // [size=4][b]Change Pass Starts Here[/b][/size] { $err = array(); // Will hold our errors if(!$_POST['password2'] || !$_POST['password3']) $err[] = 'All fields are required.'; header("Location: http://127.0.0.1/"); exit; } // [size=4][b]Change Pass Ends Here[/b][/size] (No idea what to do now) [b]Change pass form is below[/b] $script = ''; if($_SESSION['msg']) { // The script below shows the sliding panel on page load $script = ' <script type="text/javascript"> $(function(){ $("div#panel").show(); $("#toggle a").toggle(); }); </script>'; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" /> <title>Domination Roleplay UCP - Home</title> <!-- CCS Links --> <link rel="stylesheet" type="text/css" href="data/css/register.css" media="screen" /> <link rel="stylesheet" type="text/css" href="data/css/slide.css" media="screen" /> <!-- End of CCS Links --> <!-- Javascript Links --> <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script> <!-- PNG FIX for IE6 --> <!-- http://24ways.org/2007/supersleight-transparent-png-in-ie6 --> <!--[if lte IE 6]> <script type="text/javascript" src="http://127.0.0.1/data/js/supersleight-min.js"></script> <![endif]--> <script src="data/js/slide.js" type="text/javascript"></script> <?php echo $script; ?> <!-- End of Javascript Links --> </head> <!-- Login/Register UCP --> <div id="toppanel"> <div id="panel"> <div class="content clearfix"> <div class="left"> <h1>The Sliding jQuery Panel</h1> <h2>A register/login solution</h2> <p class="grey">You are free to use this login and registration system in you sites!</p> <h2>A Big Thanks</h2> <p class="grey">This tutorial was built on top of <a href="http://web-kreation.com/index.php/tutorials/nice-clean-sliding-login-panel-built-with-jquery" title="Go to site">Web-Kreation</a>'s amazing sliding panel.</p> </div> <?php if(!$_SESSION['id']): ?> <div class="left"> <!-- Login Form --> <form class="clearfix" action="" method="post"> <h1>Member Login</h1> <?php if($_SESSION['msg']['login-err']) { echo '<div class="err">'.$_SESSION['msg']['login-err'].'</div>'; unset($_SESSION['msg']['login-err']); } ?> <label class="grey" for="username">Username:</label> <input class="field" type="text" name="logusername" id="logusername" value="" size="23" maxlength="19" /> <label class="grey" for="password">Password:</label> <input class="field" type="password" name="password" id="password" size="23" maxlength="13" /> <label><input name="rememberMe" id="rememberMe" type="checkbox" checked="checked" value="1" /> Remember me</label> <div class="clear"></div> <input type="submit" name="submit" value="Login" class="bt_login" /> </form> </div> <div class="left right"> <!-- Register Form --> <form action="" method="post"> <h1>Not a member yet? Sign Up!</h1> <?php if($_SESSION['msg']['reg-err']) { echo '<div class="err">'.$_SESSION['msg']['reg-err'].'</div>'; unset($_SESSION['msg']['reg-err']); } if($_SESSION['msg']['reg-success']) { echo '<div class="success">'.$_SESSION['msg']['reg-success'].'</div>'; unset($_SESSION['msg']['reg-success']); } ?> <label class="grey" for="username">Username:</label> <input class="field" type="text" name="username" id="username" value="" size="23"maxlength="19" /> <label class="grey" for="email">Email:</label> <input class="field" type="text" name="email" id="email" size="23" /> <label>A password will be sent to your email address provided.</label> <input type="submit" name="submit" value="Register" class="bt_register" /> </form> </div> <?php else: ?> <div class="left"> <?php $query = sprintf("SELECT * FROM `playerdata` WHERE `user` = '%s'", mysql_real_escape_string($_SESSION['user'])); $result = mysql_query($query)or die(mysql_error()); echo '<h1><b><font color="#FFFFFF">'.$_SESSION['user'].'s User Control Panel</font></h1></b>'; echo '<p><b><font color="#FF0000">IP Address</font>: <font color="#FFFFFF">'.$_SERVER['REMOTE_ADDR'].'</font></p></b>'; while($row = mysql_fetch_array($result)) { echo '<p><b><font color="#FF0000">Registered</font>: <font color="#FFFFFF">'.$row['datetime'].'</font></p></b>'; echo '<p><b><font color="#FF0000">Cash</font>: <font color="#009933">$'.$row['money'].'</font></p></b>'; echo '<p><b><font color="#FF0000">Level</font>: <font color="#FFFFFF">'.$row['level'].'</font></p></b>'; } ?> <a href="?logoff">Log Out</a> </div> <div class="left right"> <h1>Your Account Settings</h1> <?php echo '<h2><font color="#FFFFFF">Change Password</font></h2>' [b][size=4]// Change Pass Form[/size][/b] ?> <form action="" method="post"><br /> <label class="grey" for="password">Existing Password:</label> <input class="field" type="password" name="password2" id="password2" size="23" maxlength="13" /> <label class="grey" for="password">New Password:</label> <input class="field" type="password" name="password3" id="password3" size="23" maxlength="13" /> <label class="grey" for="password">Confirm Password:</label> <input class="field" type="password" name="password4" id="password4" size="23" maxlength="13" /> <input type="submit" name="submit" value="Confirm" class="bt_changepass" /> </div> <?php endif; ?> </div> </div> <!-- /login --> <!-- The tab on top --> <div class="tab"> <ul class="login"> <li class="left"> </li> <li>Welcome <?php echo $_SESSION['user'] ? $_SESSION['user'] : 'Guest';?>!</li> <li class="sep">|</li> <li id="toggle"> <a id="open" class="open" href="#"><?php echo $_SESSION['id']?'Open Panel':'Log In | Register';?></a> <a id="close" style="display: none;" class="close" href="#">Close Panel</a> </li> <li class="right"> </li> </ul> </div> <!-- / top --> </div> <!--Login/Register UCP --> </body> </html> Thanks a lot for taking your time to help!

The following code doesn't work can someone please help me out? <?php // Connects to your Database mysql_connect("db.xxxxxx.org", "xxxxxx", "xxxxxx") or die(mysql_error()); mysql_select_db("md212730db240041") or die(mysql_error()); //This code runs if the form has been submitted if (isset($_POST['submit'])) { //This makes sure they did not leave any fields blank if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) { die('You did not complete all of the required fields'); } // checks if the username is in use if (!get_magic_quotes_gpc()) { $_POST['username'] = addslashes($_POST['username']); } $usercheck = $_POST['username']; $check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") or die(mysql_error()); $check2 = mysql_num_rows($check); //if the name exists it gives an error if ($check2 != 0) { die('Sorry, the username '.$_POST['username'].' is already in use.'); } // this makes sure both passwords entered match if ($_POST['pass'] != $_POST['pass2']) { die('Your passwords did not match. '); } // here we encrypt the password and add slashes if needed $_POST['pass'] = md5($_POST['pass']); if (!get_magic_quotes_gpc()) { $_POST['pass'] = addslashes($_POST['pass']); $_POST['username'] = addslashes($_POST['username']); } // now we insert it into the database $insert = "INSERT INTO users (username, password) VALUES ('".$_POST['username']."', '".$_POST['pass']."')"; $add_member = mysql_query($insert); ?> It returns this error: Parse error: syntax error, unexpected $end in /public/sites/build2.mccity.org/Register.php on line 237 Thanks alot on forhand.

Hi everyone. I'm having a bit of trouble with my registration script. When I go to my action.php file, I get these error: Notice: Undefined index: uname1 in C:\xampp\htdocs\series\action.php on line 2 Notice: Undefined index: pword1 in C:\xampp\htdocs\series\action.php on line 3 But, When I test my script, Everything works fine. I don't understand what's going on. These are my two files: index.php: <html> <body> <form action="action.php" method="post"> Username: <input type="text" name="uname1" /> Password: <input type="password" name="pword1" /> <input type="submit" value="Login" /> </form> </body> </html> action.php: <?php $username_1 = $_POST['uname1']; $password_1 = $_POST['pword1']; $con = mysql_connect("localhost", "root", ""); if (!$con) { die('Could not connect: '. mysql_error()); } mysql_select_db("user1", $con); mysql_query("INSERT INTO userlogin (username, password) VALUES ('$username_1', '$password_1')"); mysql_close($con); ?>

Hey guys, I'm in the process of putting together a sign up form and I'm trying to figure out how to construct the page so that the user can first upload their avatar and then finish the form and create an account. Do you know how this is done logically? Do people upload the avatar via ajax and store it in some temperary folder after the photo has been uploaded? The problems is... if you're a user and you load the sign up page and upload a photo, after that photo gets upload via ajax and spit back out on the page, what happens? Does the photo get uploaded or are you just showing a desktop representation of that photo? Does the photo get uploaded when the full form is submitted? If the photo get's uploaded after an ajax call, how do you tie the uploaded photo to the signed up user after the form is submitted? Also, if the user uploads an avatar, but doesn't complete the form, how do you handle that situation? Do you know of any tutorials that outline this well? I'm essentially trying to implement the same functionality seen on pinterest's sign up form.